Anonymous SSH Sessions With TOR

OpenSSH is a great way to protect your connection from being sniffed by others. However, this isn't always enough: simply proving that you connected to a server is enough to get incriminated. Unfortunately, SSH doesn't provide a native way to obfuscate to whom it connects. Instead, a proxy server can be set up, and this is where TOR comes into play. This howto covers installing TOR on a Debian-based system and setting up SSH to use TOR.

Installing TOR

First you should add the TOR repository to your system. This is only necessary if there's no package in the default repositories.

Add the following line to your /etc/apt/sources.list file. You have to replace lenny with your distribution.

deb http://mirror.noreply.org/pub/tor lenny main

To use this repository without problems, you have to add the PGP key to your system.

apt-key adv --recv-keys --keyserver subkeys.pgp.net 0x94C09C7F

Update your repositories and install TOR.

apt-get update && apt-get install -y tor

If you want to use TOR with OpenSSH, you have to install another program called connect-proxy.
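The check below is an added example, not part of the original howto: it reads the effective configuration printed by ssh -G and reports whether a host would be reached through TOR's SOCKS port, directly, or through some other proxy. It assumes TOR's default SOCKS listener on localhost:9050 and a ProxyCommand that calls connect-proxy with -S; the function names and sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that an ssh host entry really goes through TOR.
# A Host pattern that does not match falls back to a direct connection
# without any warning, so check the effective configuration.
# Assumption: TOR's SOCKS listener is on its default port 9050 on localhost.
TOR_SOCKS_PORT=9050

# Reads `ssh -G <host>` output on stdin (lowercase "key value" lines) and
# prints one of: tor, direct, other-proxy.
classify_ssh_route() {
    awk -v port="$TOR_SOCKS_PORT" '
        BEGIN { re = "(127\\.0\\.0\\.1|localhost):" port "([^0-9]|$)" }
        $1 == "proxycommand" { pc = $0; sub(/^proxycommand[ \t]+/, "", pc) }
        $1 == "proxyjump"    { pj = $2 }
        END {
            if (pc == "" || pc == "none") {
                if (pj != "" && pj != "none")
                    print "other-proxy"
                else
                    print "direct"
            } else if (pc ~ re) {
                print "tor"
            } else {
                print "other-proxy"
            }
        }'
}

# Convenience wrapper for a live system: check_host myserver
check_host() {
    ssh -G "$1" | classify_ssh_route
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_TOR='hostname example.org
port 22
proxycommand connect-proxy -S localhost:9050 %h %p'

SAMPLE_DIRECT='hostname example.org
port 22'
```

Run check_host against each host you expect to be anonymised; anything other than "tor" means the connection would not use the local TOR proxy.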


Comments

It contributes to the mess that Internet is becoming: HTTP is the new transport protocol, in place of IP. HTTP wasn't designed for that, how many more layers will we continue to add on the top of it? Total nonsense.

phocean said: "It contributes to the mess that Internet is becoming: HTTP is the new transport protocol, in place of IP. HTTP wasn't designed for that, how many more layers will we continue to add on the top of it? Total nonsense."

Are you entirely 100% absolutely certain that you really really understand how the Internet works exactly? You might want to think about reading up on the topic a little more. TCP/IP and HTTP are not the same thing and HTTP most certainly is not in any way replacing IP. HTTP, FTP, SSH, IRC, POP, IMAP, and a number of other transfer protocols are used in addition to TCP/IP and are simply nothing more than agreed upon methods of exchanging data "over the wire". NONE of these protocols are being used "in place of" IP, and I'm not exactly understanding how your comment quite relates to the content of this howto.

On the topic of the howto itself, my thanks to the author for your efforts. While I have no need for TOR at this particular moment, I appreciate the attempt to share useful information and have captured this howto in my notes as some of the information in the howto is useful to me even though I have no need of the TOR part of it.

Also, IP isn't a "transport". TCP, UDP and others are transport protocols, not IP which is in the Network Layer. Why don't you go read at least a Wikipedia entry on the OSI and TCP/IP network protocol stacks?

You guys that are arguing about how nonsensical this all is are real dolts. TOR has a very specific aim and that's anonymization. Although some people do use it for simply traversing firewalls, which itself is useful in some sense.

It's non-trivial to want to stay hidden and out of sight especially when there are very real dangers underneath police states where a little free speech can get you killed.

The internet works seamlessly like this because we manage to encapsulate one protocol over the other. Without this design your dribble being slobbered all over this page would not have been possible.

The internet was not simply and casually designed like this on a whim. They spent decades on such a progressive feat; with men standing atop the shoulders of other men precisely because it took the combined efforts of scientists, mathematicians and all sorts of experts.

The fact that you can casually shrug off this accomplishment is testament to your trivial understanding of the computer that sits before you. How the internet is able to remain agnostic of the type of system that participates in the grand amalgam. Your myopic comprehension is truly and utterly disappointing. Today is another day I shrug off my hopes for an intelligent and sane human race. And instead we have our peers that blather on befuddled always to be trapped in their ever present philosopher's cave.

The nonsense about internet is the nonsense about firewall policies. That's the same about nonsense in the most-adopted operating system security (or lack of it), and the nonsense of application-side workaround to the nonsense above.

So now there's SOAP, rpc over http, but the RPC port is closed on the firewall, are you more secure now? :)

I love the idea of Tor but beware. I had it up and running and I got a legal notice that my ISP had received from the RIAA or HBO or someone that I was bittorrenting illegally. But, I never run bittorrent. Turns out that someone else on the Tor network was (big surprise) and by being a Tor exit point as far as HBO was concerned it was I (or at least my system) that was putting out the bittorrent packets.

Sadly I took down Tor in spite of the fact that I really like the notion behind it etc. I suppose I could have left it up and not been an exit point but that did not seem like it was in the spirit of Tor.